Thursday, February 16, 2017

DETERRENCE: Drop other people's warez

I'll take: Famous old defacements for $100, Alex

I had this whole blogpost written - it had Apache-Scalp in it, and some comments on my attempts at dating, and Fluffy Bunny, and was all about how whimsical defacement had a certain value in terms of expressing advanced capability, and hence in terms of deterrence. "Whimsy as a force multiplier!"

But then Bas came over and pointed out that I was super wrong. Not only are defacements usually useless, but they are not the Way. In most domains, deterrence is about showing what you can do. In cyber, deterrence is showing what other people can do.

The Russians and the US have been performing different variations on this theme. The ShadowBrokers team is a 10 out of 10 on the scale, and our efforts to out their trojans, methodologies, and team members via press releases are similar, but perhaps less effective overall.

If you are still on the fence over whether the VEP is a good idea, consider this: the Russians can release an entire tree of stolen exploits and trojans because:

Our exploits don't overlap with theirs

Our persistence techniques, exfiltration techniques, and hooking techniques that we use in our implants, where they are not public, don't overlap with theirs.

Or maybe they filtered it out so techniques they still use don't get burnt?